diff --git a/common/src/main/java/org/keycloak/common/util/Base64Url.java b/common/src/main/java/org/keycloak/common/util/Base64Url.java
index e76905f823..6d06a0c973 100755
--- a/common/src/main/java/org/keycloak/common/util/Base64Url.java
+++ b/common/src/main/java/org/keycloak/common/util/Base64Url.java
@@ -49,7 +49,8 @@ public class Base64Url {
 "Illegal base64url string!");
 }
 try {
- return Base64.decode(s);
+ // KEYCLOAK-2479 : Avoid to try gzip decoding as for some objects, it may display exception to STDERR. And we know that object wasn't encoded as GZIP
+ return Base64.decode(s, Base64.DONT_GUNZIP);
 } catch (Exception e) {
 throw new RuntimeException(e);
 }
diff --git a/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java b/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java
index 484d8298a6..ff11936325 100755
--- a/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java
+++ b/core/src/test/java/org/keycloak/SkeletonKeyTokenTest.java
@@ -126,4 +126,12 @@ public class SkeletonKeyTokenTest {
 token.addAccess("bar").addRole("user");
 return token;
 }
+
+ @Test
+ public void testZipException() throws Exception {
+ // KEYCLOAK-2479
+ // Example of LogoutAction, which shows the exception to STDERR during Base64.decode . Need to use flag DONT_GUNZIP to avoid it.
+ String logoutAction = "eyJhbGciOiJSUzI1NiJ9.eyJpZCI6ImUwYmRmMjQyLWJjZGItNGVjMy1hMGU4LTNjN2YyOTUzOTk5MC0xNDU1NzgyNTU2NjAyIiwiZXhwaXJhdGlvbiI6MTQ1NTc4MjU4NiwicmVzb3VyY2UiOiJwcm9kdWN0LXBvcnRhbCIsImFjdGlvbiI6IkxPR09VVCIsImFkYXB0ZXJTZXNzaW9uSWRzIjpbImx2c0oxNUpSX01XUE13aTIwbWRhTkJFRVZQZzQtMTkzVUZKem42M1EiXSwibm90QmVmb3JlIjowLCJrZXljbG9ha1Nlc3Npb25JZHMiOlsiOThkNWE3YTYtYjNmNi00ZTg3LWI5OTktOTg1N2YzMDRiZjY4Il19.H4vo7YXW8oQgYsIo9VPYeSsp1jXJR0TwJUwmiXjQJSyxFoKhHgIh3Y63ldVUeBRppxX9xhjOdYEckeppAn-1XnNxUmbExXWXirRIw8tiEtUPPCPztdkKsM0y6xWRd3Sjgg4fWB_1sMn6EWvCAvO7ahs6Rbb2Vo18nlHfxYRSTWw";
+ JWSInput input = new JWSInput(logoutAction);
+ }
 }
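Review bot: The new comment in `Base64Url.decode` explains `Base64.DONT_GUNZIP` only as a way to keep exceptions off STDERR, but the stronger reason is that this method decodes caller-supplied token segments and should return the decoded bytes unchanged. Without the flag the decoder apparently inspects the decoded bytes and attempts gzip decompression when they look compressed (inferred from the commit comment; the `Base64` class is not part of this diff), which is content sniffing on untrusted input; the test in this commit shows the path is reached from the `JWSInput` constructor, i.e. while the token is only being parsed. I would reword the comment to `// KEYCLOAK-2479: base64url data is never gzip-compressed; skip gzip detection so decoded bytes are returned as-is` and check whether any remaining callers of the single-argument `Base64.decode(String)` also handle externally supplied data. The `decode` method starts outside the hunk.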
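Review bot: `testZipException` in SkeletonKeyTokenTest.java has no assertion and its `input` local is unused, so it fails only if the `JWSInput` constructor throws. The commit comment describes the old behaviour as an exception shown on STDERR rather than one propagated to the caller; if that is accurate, this test passes with or without `DONT_GUNZIP` and does not protect against a regression. Capturing `System.err` around the constructor call and asserting that nothing was written would pin the fix. The sketch below assumes `org.junit.Assert` and the `java.io` stream classes are imported in this test class.

```java
    @Test
    public void testZipException() throws Exception {
        // … unchanged: KEYCLOAK-2479 comment and logoutAction literal …
        PrintStream originalErr = System.err;
        ByteArrayOutputStream captured = new ByteArrayOutputStream();
        System.setErr(new PrintStream(captured, true));
        try {
            new JWSInput(logoutAction);
        } finally {
            // Always restore the real stream so later tests still report errors.
            System.setErr(originalErr);
        }
        Assert.assertEquals("Base64 decode must not write to STDERR", 0, captured.size());
    }
```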